Re: CryptAPI(encryption/decryption)

---

• From: S.Kumar <SKumar@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 14 Jun 2007 07:32:01 -0700

---

Hi DSilva.

Thanks for your valid feedback on my doubts.

As per your reply I could get the handle of the private key.
But while decrypting the data its saying BAD_DATA.

what can be the reason?

Since I an a newbie I'm trying to understand the concepts.
person A encrypted some data using his primary key and B's Public key. Is it
possible for B to decrypt the data using his Private Key. I have the
encrypted data and the .pfx file containing the B's private key.

Regards,
S. Kumar.


"Dylan DSilva (MS)" wrote:

<Common reply to both posts>

The PFX format encrypts the private key with the user supplied password so
exchanging private keys using this format is as safe as using the PEM
format. I would highly recommend using it since you've been having a lot of
trouble with the conversion. This can be done by combining the .cer and .pem
files into a PFX with OpenSSL on the server (with the command line
pkcs12 -export -in <CER file> -inkey <PEM file> -out <PFX file>)
transferring the PFX file over to the device and then importing it and
getting a handle to the key.
--
Dylan DSilva
Software Development Engineer
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © Microsoft Corporation. All rights
reserved.

"S.Kumar" <SKumar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A493FBFB-14D9-4240-AF44-71D7D2EECF24@xxxxxxxxxxxxxxxx

Hi DSilva

Thanks for the valid information. I tried with a sample .pfx file and its
getting the handle of the private key. But actually I need to import the
pem
format private key into the CSP. The private key is available in the
server
and I have to use this private key to decrypt the encrypted data that is
encrypted using its Public key. I got a tool named "pvktool" which saying
it
will convert to PRIVATEKEYBLOB but while importing its saying bad data. Is
there any alternative way to do this or its compulsary that we have to use
.pfx(pkcs#12) formats for windows mobile. Hope its not a good practice to
keep the private keys in server as .pfx format. so we are trying to use
.pem
format.

Thanks again
S.Kumar

"Dylan DSilva (MS)" wrote:

To answer your question - Yes, a PFX file will allow you to import both
the
certificate and the associated private key.

To get a handle to the private key after importing the PFX file you will
need to locate the certificate in the store using the
CertFindCertificateInStore API and then get access to the private key by
calling the CryptAcquireCertificatePrivateKey API followed by the
CryptGetUserKey API.
--
Dylan DSilva
Software Development Engineer
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no
rights.
You assume all risk for your use. © Microsoft Corporation. All rights
reserved.

"S.Kumar" <SKumar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:426E69EC-624C-4DF7-941E-4E2C6850301C@xxxxxxxxxxxxxxxx

Hi Dsilva,
Thanks again. Thanks for your valid information.
I got one tool but its in JAVA. I don't have any idea about it.
I'm trying to understand the basics of these public key and
Certificate.
I tried using the openssl library, tried to import the .pvk file after
converitn with pvktool but noting is working for me. I'm in total mess.
I
understood your reply to make the blob in the format given. I'm in the
R&D
of
how to make it.

One another doubt. If I use a PFX file instead of PEM can I import the
private key?
I can import the PFX file using PFXImportCertStore(). Now I don't know
how
to proceed. Can you give some suggestion

Thanks
S.Kumar

"Dylan DSilva (MS)" wrote:

Yes, the PEM format is Base64 encoded and may additionally be
encrypted
with
a symmetric cipher (AES, 3DES etc.). In addition to decoding it to
unencrypted binary, you would need to create the PRIVATEKEYBLOB
structure
with the fields described in
http://msdn2.microsoft.com:80/en-us/library/ms884374.aspx. Only a
PRIVATEKEYBLOB can be imported into a Microsoft CSP. As I mentioned in
my
earlier post, you should be able to find tools that support this
conversion.

--
Dylan DSilva
Software Development Engineer
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no
rights.
You assume all risk for your use. © Microsoft Corporation. All rights
reserved.

"S.Kumar" <SKumar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B8B841E0-5299-4D5F-B619-EE6F7FF02B2D@xxxxxxxxxxxxxxxx

Thanks DSilva,
I like to get little more details.
Is the PEM format is in base64 coded? If I convert the PEM to
binary,
can
I
load it into Microsoft CSP's?

Thanks in advance

S.Kumar.

"Dylan DSilva (MS)" wrote:

Unfortunately the Microsoft CSPs do not support importing keys in
pem
format. You would need to convert your key to the blob format
described
in
http://msdn2.microsoft.com/en-us/library/ms884374.aspx (I believe
there
are
tools out on the internet that let you do this) or use a custom CSP
that
supports keys in pem format.

--
Dylan DSilva
Software Development Engineer
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no
rights.
You assume all risk for your use. © Microsoft Corporation. All
rights
reserved.

"S.Kumar" <SKumar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D1B60822-0411-4666-8263-B58B2ECAF340@xxxxxxxxxxxxxxxx

Hi All,

I'm facing a problem in encryption decryption.
I have the privatekey in pem format.
How can I import this into CSP and decrypt the data which is
encrypted
using
public key.

I tried using CryptImportKey () but no success.

Thanks

.

---

• Follow-Ups:
  • Re: CryptAPI(encryption/decryption)
    • From: Dylan DSilva \(MS\)

• References:
  • Re: CryptAPI(encryption/decryption)
    • From: Dylan DSilva \(MS\)
  • Re: CryptAPI(encryption/decryption)
    • From: S.Kumar
  • Re: CryptAPI(encryption/decryption)
    • From: Dylan DSilva \(MS\)
  • Re: CryptAPI(encryption/decryption)
    • From: S.Kumar
  • Re: CryptAPI(encryption/decryption)
    • From: Dylan DSilva \(MS\)

• Prev by Date: Re: C# Callback for RegistryNotifyCallback not working
• Next by Date: changing autorun
• Previous by thread: Re: CryptAPI(encryption/decryption)
• Next by thread: Re: CryptAPI(encryption/decryption)
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: CryptAPI(encryption/decryption) ... The PFX format encrypts the private key with the user supplied password so ... exchanging private keys using this format is as safe as using the PEM ... (microsoft.public.pocketpc.developer) Re: CryptAPI(encryption/decryption) ... since symmetric encryption is faster than public key encryption. ... As per your reply I could get the handle of the private key. ... possible for B to decrypt the data using his Private Key. ... The PFX format encrypts the private key with the user supplied password ... (microsoft.public.pocketpc.developer) Re: CryptAPI(encryption/decryption) ... getting the handle of the private key. ... But actually I need to import the pem ... keep the private keys in server as .pfx format. ... To get a handle to the private key after importing the PFX file you will ... (microsoft.public.pocketpc.developer) Re: Format of the Public/Private key BLOB ... I have a PEM file with private key to decrypt it. ... CryptAPI and Linux using Openssl. ... default DER format? ... (microsoft.public.platformsdk.security) Re: CryptAPI(encryption/decryption) ... I misspelled the Private Key as Primary Key. ... and the priavte key in PEM format. ... Is there any variation in the encryption format in openssl compared to CSP? ... (microsoft.public.pocketpc.developer)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > PocketPC  > microsoft.public.pocketpc.developer  > 2007-06